CVE-2018-20615 — Out-of-bounds Read in Haproxy

CWE-125 — Out-of-bounds Read9 documents8 sources

Severity

7.5HIGHNVD

EPSS

0.2%

top 62.33%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Haproxy Canonical Ubuntu Linux Opensuse Leap +2 more

Timeline

PublishedMar 21

Latest updateMay 14

Description

An out-of-bounds read issue was discovered in the HTTP/2 protocol decoder in HAProxy 1.8.x and 1.9.x through 1.9.0 which can result in a crash. The processing of the PRIORITY flag in a HEADERS frame requires 5 extra bytes, and while these bytes are skipped, the total frame length was not re-checked to make sure they were present in the frame.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

▶Debianhaproxy/haproxy< 1.8.16-2+3

▶Ubuntuhaproxy/haproxy< 1.6.3-1ubuntu0.2+1

▶NVDhaproxy/haproxy1.8.0 — 1.8.19+1

▶NVDopensuse/leap15.0

Also affects: Ubuntu Linux 16.04, 18.04, 18.10, Enterprise Linux 7.0, 7.4, 7.5, 7.6, Openshift Container Platform 3.11

🔴Vulnerability Details

GHSA

GHSA-w4g5-v736-j48g: An out-of-bounds read issue was discovered in the HTTP/2 protocol decoder in HAProxy 1↗2022-05-14

▶

OSV

CVE-2018-20615: An out-of-bounds read issue was discovered in the HTTP/2 protocol decoder in HAProxy 1↗2019-03-21

▶

CVEList

CVE-2018-20615: An out-of-bounds read issue was discovered in the HTTP/2 protocol decoder in HAProxy 1↗2019-03-18

▶

OSV

haproxy vulnerabilities↗2019-01-15

▶

📋Vendor Advisories

Ubuntu

HAProxy vulnerabilities↗2019-01-15

▶

Red Hat

haproxy: Mishandling of priority flag in short HEADERS frame by HTTP/2 decoder allows for crash↗2019-01-08

▶

Debian

CVE-2018-20615: haproxy - An out-of-bounds read issue was discovered in the HTTP/2 protocol decoder in HAP...↗2018

▶

💬Community

Bugzilla

CVE-2018-20615 haproxy: Mishandling of priority flag in short HEADERS frame by HTTP/2 decoder allows for crash↗2019-01-02

▶